We’ve heard and read the word ransomware a lot lately, but what is it and how can you protect yourself against it?

Ransomware is a form of malware or malicious software.

Malware is software designed to damage or do not-so-nice things to your computer. Computer viruses, worms, trojan horses, and spyware are all considered malware. Personally, I consider any program that advertises itself as free and then makes you pay for it once it’s installed on your computer malware, too.

Ransomware encrypts your personal files – your pictures, documents, and videos. You can still see the files, but your computer can’t open them any more. The ransomware demands payment for a key to decrypt your files. Without the decryption key, your files remain scrambled and useless to you. Because the criminals demand payment for the decryption key, that’s a ransom demand. Ransom plus malware equals ransomware.

In the good old days (like last year), ransomware infections happened by clicking on a link or an attachment to an email. The ransomware infections making the news the past few months use a different, and much more evil, method of infection.

Here’s how it happened.

In April, a hacking group calling themselves The Shadow Brokers published several leaks containing hacking tools from the National Security Agency (NSA). The Shadow Brokers originally attributed the leaks to the Equation Group, who have been tied to the NSA’s Tailored Access Operations unit.

In March, before the public release of these NSA hacking tools, Microsoft released a patch for a serious vulnerability used in Windows networking.

In May, the first ransomware written using these tools appeared in the world. This ransomware didn’t infect computers the ‘normal’ way, by using emails or links. These ransomware criminals used the Shadow Brokers’ leaked NSA tools to exploit a networking flaw in unpatched versions of Windows. People didn’t need to click on anything to get infected. Vulnerable systems got hit, and once infected, they spread the infection to other vulnerable computers on their networks.

This first ransomware infection, widely known as WannaCry, spread through company networks and didn’t affect too many people on home networks.

The latest infection on the news, sometimes known as Petya/NotPetya, uses the same infection vector as WannaCry, unpatched Windows computers, to spread to other computers on the same network. The difference with Petya/NotPetya is that the ransomware ‘look’ of the infection is fake. The ransom note left behind is, in fact, a hoax intended to capitalize on media interest sparked by the last WannaCry outbreak. The real purpose of Petya/NotPetya is to encrypt a user’s files and never give them back. Initially targeting networks in the Ukraine, Petya/NotPetya spread beyond the country’s borders because, well, that’s how the Internet works.

OK, I’m scared. How do I protect my computer?

Do your Windows Updates. Microsoft released a patch for the specific vulnerability used in these attacks in March before all this started. Microsoft even released patches for unsupported Windows XP, Windows Vista, and Windows 8.0 computers; that’s how bad this was.

Make backups. Back up everything in your Documents folder. Use local backups to an external hard drive and keep it unplugged from your computer when you’re not backing up. Or sign up for an online backup service like Carbonite or Crashplan.

Don’t click. Just don’t do it. Ransomware links can show up as attachments from a package delivery company or an invoice from a business that sounds vaguely familiar. If you’re not expecting something like that, don’t click on the link or the attachment.

Help, I’m infected!

If you have backups, you’re fine. For the cleanest recovery, reload Windows and restore your backup.

If you don’t have backups, you’re in trouble. You’ll still have to reload Windows, but you don’t get any of your files back.

Computer versus a human

A computer once beat me at chess, but it was no match for me at kickboxing.

Emo Philips is an American comedian famous for his eccentric appearance, surreal humor, and the bizarre cadence of his voice in the delivery of his lines.

Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at greg@tech-hachapi.com.

Greg Cunningham and tech-hachapi.com are not affiliated with anybody anywhere and operate as an independent, state-licensed, insured, and certified locally-owned and operated onsite computer repair service company.
